9/18/20

 

8900.1 CHG 722

VOLUME 10  SAFETY ASSURANCE SYSTEM POLICY AND PROCEDURES

CHAPTER 6  ANALYSIS, ASSESSMENT, AND ACTION

Section 2  Safety Assurance System: Module 5 Action

10-6-2-1    GENERAL.

Indicates new/changed information.

A.    Purpose. Determine the action that the principal inspector (PI), training center program manager (TCPM), or certification project manager (CPM) needs to take based on the results of their analysis and assessment.

Indicates new/changed information.

B.    Scope. This section applies to the PI, TCPM, and CPM. Unless otherwise specified, instructions and information directed at the PI also refer to the TCPM and/or CPM. In Module 5, Action, the PI will:

    Determine the appropriate action to take;

    Initiate and manage the Action Item Tracking Tool (AITT);

    Perform configuration change if necessary; and

    Update the Comprehensive Assessment Plan (CAP) and/or the Certificate Holder Assessment Tool (CHAT).

10-6-2-3    RESERVED.

Indicates new/changed information.

10-6-2-5    BACKGROUND. The Action module completes the Safety Assurance System (SAS) closed-loop process. The PI makes a decision and executes a course of action based on the determinations made during Analysis and Assessment.

10-6-2-7    ACTION.

Figure 10-6-2A.   Module 5 Action Process Flowchart

Indicates new/changed information. Includes new/changed information.

Figure 10-6-2A, Module 5 Action Process Flowchart

Includes new/changed information.

10-6-2-9    PROCEDURES.

A.    Determine Appropriate Action (see flowchart process step 10-6-2-9A). If the assessment determination requires action, then the PI must select one or more of the actions from Table 10-6-2A, Action Choices, and provide justification. The action choices and justification must support the assessment determination.

Table 10-6-2A.  Action Choices

Indicates new/changed information. Indicates new/changed information. Indicates new/changed information. Indicates new/changed information.

Action Choices

Instructions for Use

Adjust Priority/Resource Order of System or Subsystem Performance Assessment (SPA)

Select this action to adjust the due dates which will change the resource order of an assessment on the CAP. See Volume 10, Chapter 3, Section 1 for more information.

If your office has transitioned to the Risk Profile, see Volume 10, Chapter 3, Section 2.

Add Element Performance Assessment (EPA) or Element Design Assessment (EDA)

Select this action to add a Performance Assessment (PA) or Design Assessment (DA). Those assessments will autopopulate on the CAP with the associated SPA.

Add Custom Data Collection Tool (C DCT)

Select this action to create a C DCT. The C DCT will autopopulate on the CAP.

Notify the Certificate Holder

Select this action to notify the certificate holder or applicant of issues or findings. When the PI provides the certificate holder or applicant with information collected and stored in the automation, they must summarize that information. Do not provide screenshots from the automation or raw data. The PI will provide notification to the certificate holder or applicant in writing (e.g., email, U.S. mail, or other means determined by the PI) outlining the results of the assessment. The notification will include the areas inspected and a list of any discrepancies and/or observations. See Volume 14, Chapter 1, Appendix 14-3, Compliance Action Communications/Correspondence Guidelines.

For Title 14 of the Code of Federal Regulations (14 CFR) part 121 certificate holders the following letters should be used:

1. Compliance Action Letter. Use this letter to formally notify the certificate holder when a safety concern or deviation from standards is discovered. Prior to issuing this letter, the PI ensures the condition leading to the deviation has stopped and concludes that Compliance Action is appropriate (using the Compliance Action Decision Process in Volume 14, Chapter 1, Section 2).

2. Hazard Letter. Use this letter to formally notify the certificate holder of a hazard or ineffective risk control (refer to 14 CFR part 5, § 5.51(d)). A hazard may or may not be systemic and is discovered during surveillance or other certificate management oversight.

3. Safety Assurance Letter. Use this letter to formally notify the certificate holder of unfavorable responses to be addressed by the certificate holder in their Safety Management System (SMS). This letter may be used to summarize quarterly surveillance activity, a focused inspection, or as determined by the PI. If similar unfavorable responses occur in subsequent observations, then the issue should be elevated and documented with a Hazard Letter.

Initiate Enforcement per Federal Aviation Administration (FAA) Order 2150.3, FAA Compliance and Enforcement Program

Select this action if a certificate holder or applicant exhibits intentional, reckless, or criminal behavior, or a pattern of negative behavior to conduct operations contrary to applicable parts of 14 CFR. Follow the procedures outlined in Volume 14 and Order 2150.3.

Amend or Remove an Operations Specification (OpSpec)

Select this action if the certificate holder or applicant does not meet the requirements for approval or acceptance. This may include automated Letters of Authorization (LOA) and training specifications (TSpecs). The certificate holder or applicant may be required to modify its system, or the FAA may modify its authorizations.

Convene a System Analysis Team (SAT)

Select this action to develop and execute collaborative action plans to ensure certificate holders manage their risks. See Volume 10, Chapter 7, Section 3 for more information.

Identify New Hazard (Request National Safety Analysis (NSA) Support)

Select this action to request NSA support for a new systemic or potentially systemic safety issue that could impact multiple certificate holders. A new hazard is defined as one where current directives do not exist to effectively mitigate risk such as new or emerging technology that did not previously exist in the National Airspace System (NAS). See Volume 10, Chapter 7, Section 2 for more information.

NOTE:  Use of “Identify New Hazard” including the request of NSA support must be coordinated with your manager.

Initiate Risk Management Process (RMP)

Select this action to ensure that the certificate holder is effectively managing the risk in their operation. See Volume 10, Chapter 7, Section 1 and Volume 6, Chapter 2, Section 18 for more information. For information on how to create and track hazards in the AITT, refer to the Automation User Guide (AUG).

Regulatory Compliance Action

Select this action when the certificate holder did not meet regulatory requirements and it was determined that enforcement action is not required. See Volume 14, Chapter 1, Section 2.

Other

Select this action for any other item not covered in the “Add Action(s)” list.

Indicates new/changed information. Indicates new/changed information. Indicates new/changed information.

B.    Initiate/Manage AITT (see flowchart process step 10-6-2-9B). The PI must use the AITT to ensure that certificate holders complete corrective actions from DAs, PAs, other oversight functions, Compliance Action, or the identification of any new hazards. The AITT contains immediate and long-term corrective actions required of certificate holders, including followup actions that may be required by guidance elsewhere in this order. The PI may use the AITT to track certificate holder or applicant issues. For example, a C DCT can be created as an action item. The DCT identification number found on the CAP can be entered in the AITT, connecting the two. The item can be closed in the AITT because the C DCT is on the CAP. However, it cannot be used to replace documentation requirements specified in other guidance. A title and description for the action can be entered in the “Explanation” field of the AITT. An action item selected in Analysis, Assessment, and Action (AAA) and PI options in the CHAT will automatically be added to the AITT for tracking. The PI can also add action items directly to the AITT, or when completing an assigned DCT.

1)    Voluntary Safety Programs. Voluntary safety programs, including the Aviation Safety Action Program (ASAP), Voluntary Disclosure Reporting Program (VDRP), and flight operations quality assurance (FOQA), are protected from release in accordance with public disclosure under 14 CFR part 193. For that reason, identifying information, such as the regulated entity’s name, identifier, personnel names, etc. should not be entered into SAS. If the decision is made to track items related to safety programs as an action in the AITT, then:

    Do not include any identifying information.

    Add this statement: “Details related to this action are tracked in the appropriate database which is protected from release under 14 CFR part 193.”

Indicates new/changed information.
2)    Regulatory Findings. The PI should notify the certificate holder of any regulatory findings; and the certificate holder should demonstrate a willingness to comply by acknowledging the regulatory issues and implementing corrective actions. The PI should take action to address regulatory issues as soon as they are known. The PI should document any action taken by the aviation safety inspector (ASI), such as “Corrected on the Spot,” and may take additional action to ensure the certificate holder resolves the issues. Letters and documentation may be uploaded to the AITT. The PI must provide a justification when closing the associated action item.

NOTE:  Frequent or occasional likelihoods may indicate a systemic hazard. See Volume 10, Chapter 6, Section 1, Table 10-6-1C, Performance Assessment Determination; and Table 10‑6‑1D, Design Assessment Determination.

3)    Nonregulatory Safety Concerns. The PI should notify the certificate holder of any nonregulatory safety concern. The PI may add an action for a nonregulatory safety concern or if additional followup is necessary and should track these actions in the AITT. The PI must provide justification in the AITT to close the item.
4)    Enforcement. If the PI selects “Initiate 2150.3” enforcement action, the PI must track the enforcement, and other followup designed to mitigate known risk, in the AITT and provide justification. The PI must validate that corrective actions taken by the certificate holder or enforcement actions taken by the FAA are effective; and the related action items in the AITT should remain open until validation occurs.
5)    Compliance Action. The PI must use the AITT to initiate, track, and document corrective actions associated with Compliance Action. The documentation must include the results of the Root Cause Analysis (RCA), the identified hazards or ineffective risk controls, and how the certificate holder corrected the problem. The AITT covers all Compliance Action for tracking and resolution. Items on the AITT may need further analysis. The PI will need to determine if it is necessary to update the CAP and/or CHAT based on analysis of the AITT. The PI must validate that corrective actions taken by the certificate holder are effective and related action items in the AITT should remain open until validation occurs.
6)    Due Dates. The default due date for an action item is the last day of the next quarter. Due dates may be adjusted with a justification. The automation will flag the action as it approaches or passes the due date. See the table below for statuses.
Indicates new/changed information.

Red

Overdue

Past due

Yellow

Advisory

Due within 15 calendar-days (default)

Green

On Time

Due in more than 15 calendar-days

NOTE:  Actions generated from AAA autopopulate in the AITT, “Action Implementation” tab. Followup actions are automatically tied to the original (closed) assessment.

Indicates new/changed information.
7)    Review/Monitor Open Action Items. The PI and office management must monitor open action items and review them at least quarterly. If an action item is overdue and cannot be closed, then the PI should extend the due date to a time when the action item is expected to be complete.

C.    Configuration Change? (see flowchart process step 10-6-2-9C). A configuration change may be necessary when the PI determines the certificate holder’s or applicant’s performance or design cannot be affirmed. If a configuration change is necessary, then the PI documents the change in the AITT. The certificate holder or applicant may be required to modify its design, or the PI may modify the authorizations. See Volume 10, Chapter 2, Section 1 on how to initiate a change in Module 1, Configuration. If the PI determines a configuration change is not necessary, then see Step 10-6-2-9D, Update the CAP and/or CHAT?

D.    Update the CAP and/or CHAT? (see flowchart process step 10-6-2-9D). If the PI selects adjust the resource order of SPA or add an EPA, EDA, or C DCT, then the PI updates the CAP or CHAT risk indicators. See Volume 10, Chapter 3, Section 1 on how to adjust and update the CAP and/or CHAT in Module 2, Planning. Updating the CAP and/or CHAT closes the oversight loop.

NOTE:  If your office has transitioned to the Risk Profile, then see Volume 10, Chapter 3, Section 2 on how to adjust and update the CAP and/or CHAT.

E.    Close Action in AITT (see flowchart process step 10-6-2-9E). The PI should close all open action items in the AITT as soon as the action is complete. When the PI closes the action in the AITT, he or she must provide justification.

10-6-2-11 through 10-6-2-29 RESERVED.